April 2017 Digital Edition

Click Here

March 2017 Digital Edition

Click Here

Feb. 2017 Digital Edition

Click Here

January 2017 Digital Edition

Click Here

Nov/Dec 2016 Digital Edition

Click Here

Oct 2016 Digital Edition

Click Here

Technology Sectors

Market Sectors

Cyber attacks: Why government agencies are potential targets

Christopher Pogue

Many industry experts believe that the Advanced Persistent Threat (APT), any group or foreign government that persistently and effectively targets a specific victim, is the primary enemy of the U.S. Government when it comes to cyber attacks. 

While this may be true to the extent to which specific, targeted data has value to state-sponsored efforts, it is by no means the only threat. Organized cyber-criminals have caused billions of dollars in fraud losses to the U.S. alone, and all indicators show that cyber-criminals are advancing their technology and re-doubling their efforts to breach American financial systems and steal valuable information through ways government employees may not expect, such as finding out where they ate their lunch or where they bought a can of shaving cream. 

According to the 2013 Trustwave Global Security Report, the retail industry emerged as the top target for cyber attacks in 2012, surpassing the food and beverage industry (2011) and the hospitality industry (2010). While government agencies did not emerge as a Top Three target, retail, food and beverage and hospitality services are provided within the government infrastructure and can be targeted by organized cyber-criminals in the same manner, which is why all government agencies must be vigilant and implement a thorough data security strategy.

Many U.S. Government agencies store, process and transmit cardholder data through a PX/BX on a military base, a national park, the U.S. embassies, etc. Citizens pay taxes, fines and various permit fees with credit cards, either online or in person. So, how do government agencies know those citizens’ personal data is being protected? 

After performing nearly 1,500 investigations during the past five years, Trustwave security experts know that it is only a matter of time before a government agency becomes a victim. Given the widespread ramifications of successfully breaching a government-owned payment system, businesses within the government infrastructure must act now and implement a thorough, in-depth cyber security plan, in addition to making sure they comply with the Payment Card Industry Data Security Standard, an information security standard created to increase controls around cardholder data to reduce credit card fraud. 

On the heels of the president's recent executive order regarding cyber security, government agencies and civilian security companies need to work together to strengthen federal computing assets. By developing these partnerships with industry experts, government agencies can get a holistic view of the threat landscape, and in doing so, prepare themselves for the challenges currently being faced by the business community. 

Through more than five years of case work and trend analysis, Trustwave security experts have seen an ongoing pattern -- if you have something to steal, somebody will steal it. Payment card data is clearly the most valued by cyber criminals. It is bought and sold on the black market like illegal drugs, with “fresh” dumps of data fetching upwards of $25 per credit card. With some breaches exceeding 100,000 valid, unexpired credit card numbers, and attribution by U.S. law enforcement being exceedingly difficult, this is a very low-risk, high-reward crime.  

Really, there are only three types of victims -- those that have been breached, those that are being breached, and those that are about to be breached. Which one are you? 

Christopher Pogue is the director of digital forensics and incident response at Trustwave. He can be reached at:

[email protected]




Recent Videos

HID Global is opening the door to a new era of security and convenience.  Powered by Seos technology, the HID Mobile Access solution delivers a more secure and convenient way to open doors and gates, access networks and services, and make cashless payments using phones and other mobile devices. ...
Mobile device forensics can make a difference in many investigations, but you need training that teaches you how to get the most out of your mobile forensics hardware and software, and certifies you to testify in court. Read this white paper to learn how to evaluate mobile forensics training...
PureTech Systems is a software company that develops and markets PureActiv, its geospatial analytics solution designed to protect critical perimeters and infrastructure.  Its patented video analytics leverage thermal cameras, radars and other perimeter sensors to detect, geo-locate, classify, and...
PureTech Systems is a technology leader in the use of geospatial video, focusing on perimeter security.  When combining geospatial capabilities with video analytics and PTZ camera control, managers of critical facilities can benefit by allowing the video management system to aid them in the process...